Here are the logs. I have also installed and are running Kaspersky Internet Security to avoid this in the future.
ComboFix 08-06-12.2 - Owner 2008-06-20 12:46:56.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.267 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVP
-------\Service_AVP
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.
2008-06-19 03:04 . 2008-06-19 03:18 96,966 --a------ C:\WINNT\system32\drivers\klin.dat
2008-06-19 03:04 . 2008-06-19 03:18 88,774 --a------ C:\WINNT\system32\drivers\klick.dat
2008-06-19 03:03 . 2008-06-19 03:03 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-17 03:06 . 2008-06-17 03:06 <DIR> d-------- C:\WINNT\55A6283C638A4EE0B49151118554BDA2.TMP
2008-06-15 14:50 . 2008-06-13 09:10 272,128 -----c--- C:\WINNT\system32\dllcache\bthport.sys
2008-06-15 14:50 . 2008-05-08 08:28 202,752 -----c--- C:\WINNT\system32\dllcache\rmcast.sys
2008-06-14 22:10 . 2008-06-14 22:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 22:10 . 2008-06-14 22:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-14 22:10 . 2008-06-14 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 22:10 . 2008-06-10 19:02 34,296 --a------ C:\WINNT\system32\drivers\mbamcatchme.sys
2008-06-14 22:10 . 2008-06-10 19:02 15,864 --a------ C:\WINNT\system32\drivers\mbam.sys
2008-06-13 01:30 . 2008-03-25 02:37 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-06-13 00:49 . 2008-06-13 00:49 <DIR> d----c--- C:\VundoFix Backups
2008-06-10 23:00 . 2008-06-10 23:00 <DIR> d----c--- C:\kav
2008-06-10 22:26 . 2008-06-10 22:26 9,662 --a------ C:\WINNT\system32\pinkip.ico
2008-06-10 18:25 . 2008-06-10 18:25 13,942 --a------ C:\WINNT\system32\iphone-011.ico
2008-06-10 06:53 . 2002-08-13 13:25 <DIR> d-------- C:\Documents and Settings\Administrator.AZ\Application Data\Symantec
2008-06-10 06:53 . 2002-08-13 13:20 <DIR> d-------- C:\Documents and Settings\Administrator.AZ\Application Data\InterTrust
2008-06-10 06:53 . 2008-06-10 07:27 <DIR> d-------- C:\Documents and Settings\Administrator.AZ
2008-06-10 02:34 . 2008-06-10 02:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-05 18:54 . 2008-06-10 04:14 <DIR> d-------- C:\WINNT\system32\NMP
2008-06-04 01:33 . 2008-06-04 01:33 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-06-03 23:06 . 2008-06-03 23:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-06-03 20:11 . 2008-06-03 20:11 2,640 --a------ C:\WINNT\system32\settings.aaw
2008-06-03 20:11 . 2008-06-03 20:11 1,584 --a------ C:\WINNT\system32\history.aaw
2008-06-03 16:39 . 2008-06-03 16:39 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-03 16:29 . 2008-06-19 00:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 15:58 . 2008-06-11 02:26 10,671 --a------ C:\WINNT\system32\drivers\SYMEVENT.CAT
2008-06-03 15:58 . 2008-06-11 02:26 805 --a------ C:\WINNT\system32\drivers\SYMEVENT.INF
2008-06-03 15:57 . 2008-06-19 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 06:56 . 2008-06-20 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 06:56 . 2008-06-20 12:59 1,345,824 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-05-31 06:56 . 2008-06-20 12:55 51,488 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-05-31 06:56 . 2008-06-20 12:54 19,076 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-05-31 06:56 . 2008-06-20 12:54 5,852 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-05-31 06:01 . 2008-05-31 06:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 06:01 . 2008-05-31 06:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 06:00 . 2008-05-31 06:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 01:32 . 2008-05-31 01:32 335 --a------ C:\WINNT\mozregistry.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 07:25 112,144 ----a-w C:\WINNT\system32\drivers\kl1.sys
2008-06-13 13:10 272,128 ----a-w C:\WINNT\system32\drivers\bthport.sys
2008-06-13 05:30 --------- d-----w C:\Program Files\Java
2008-06-06 01:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-31 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 05:35 --------- d-----w C:\Program Files\FreeFTP
2008-05-08 12:28 202,752 ----a-w C:\WINNT\system32\drivers\rmcast.sys
2008-05-08 02:25 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-29 15:20 15,648 ----a-w C:\WINNT\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINNT\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINNT\system32\drivers\Awrtpd.sys
2008-04-23 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Retrospect
2006-03-10 19:47 389,120 ----a-w C:\Documents and Settings\Owner\remote.exe
2003-09-01 22:32 1,568 ----a-w C:\Documents and Settings\Owner\Application Data\mpauth.dat
2003-06-22 07:22 62,400 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-06-19_ 1.48.24.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 05:04:37 2,048 --s-a-w C:\WINNT\bootstat.dat
+ 2008-06-20 16:55:43 2,048 --s-a-w C:\WINNT\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINNT\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINNT\Driver Cache\i386\bthport.sys
- 2008-06-06 01:16:02 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-20 02:26:36 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
- 2008-06-06 01:16:02 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-20 02:26:36 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-06 01:16:02 49,152 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-20 02:26:36 49,152 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-28 23:51:04 195,344 ----a-w C:\WINNT\system32\drivers\klif.sys
+ 2007-12-13 17:28:40 24,592 ----a-w C:\WINNT\system32\drivers\klim5.sys
+ 2008-02-08 22:35:42 23,604 ----a-w C:\WINNT\system32\drivers\klopp.dat
+ 2008-02-08 22:37:44 219,664 ----a-w C:\WINNT\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 15:50 66048 C:\WINNT\system32\SK9910DM.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"WD Button Manager"="WDBtnMgr.exe" [2005-01-13 22:02 331776 C:\WINNT\system32\WDBtnMgr.exe]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-04-29 19:25:48 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, zwebauth.dll, digest.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINNT\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=C:\WINNT\pss\SmartUI.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINNT\pss\Verizon Online Support Center.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINNT\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-10-06 14:57 24576 C:\WINNT\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
--a------ 2002-05-06 20:12 65536 C:\WINNT\GWMDMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 12:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 17:52 331830 C:\Program Files\Microsoft Works\WksSb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-17 00:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6600DMon]
--a------ 2005-05-25 09:35 69632 C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-01-09 09:21 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-01-13 10:19 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 02:00 90112 C:\WINNT\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2003-10-06 14:57 24576 C:\WINNT\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2003-05-06 23:07 24576 C:\Program Files\Microsoft Works\wkfud.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\WINNT\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 brfilt;Brother MFC Filter Driver;C:\WINNT\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
R3 brparimg;Brother Multi Function Parallel Image driver;C:\WINNT\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
R3 BrParWdm;Brother WDM Parallel Driver;C:\WINNT\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
R3 BrSerWDM;Brother WDM Serial driver;C:\WINNT\system32\Drivers\BrSerWdm.sys [2001-08-17 13:12]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 00:00:00 C:\WINNT\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 12:57:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\system32\BrmfRsmg.exe
.
**************************************************************************
.
Completion time: 2008-06-20 13:05:49 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-20 17:05:44
ComboFix2.txt 2008-06-20 02:39:26
ComboFix3.txt 2008-06-19 05:48:43
ComboFix4.txt 2008-06-17 04:27:06
ComboFix5.txt 2008-06-15 20:09:17
Pre-Run: 19,659,542,528 bytes free
Post-Run: 19,656,450,048 bytes free
208 --- E O F --- 2008-06-20 16:20:04
Logfile of HijackThis v1.99.1
Scan saved at 01:02:15, on 2008-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\BRMFRSMG.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\Desktop\Virus\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {0BE0E0B4-3E03-4EB6-99B2-00948505A067} (Media Client ActiveX Installer) - http://www.downloadc...MCInstaller.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - http://www.stamps.co...45/sdcregie.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_2.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.ichat.com...ent/msichat.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswar...1/DMInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe